Key management systems and methods for shared secret ciphers
Abstract
Various embodiments are described herein for a Key Management System (KMS) and associated methods for providing authentication and secure shared key distribution capabilities without revealing a device's secret key. The KMS allows one or more accessing applications or devices residing on a variety of systems and associated with a plurality of organizations to efficiently authenticate other applications or devices with which they are in communication and to securely establish a shared secret between authenticated applications or devices. Secret keys may be cached throughout the KMS system for off-line and efficient operations. The KMS system enables authentication of devices and secure communication between these devices which may have been created and secured under different domains without those domains having an a priori relationship.
Claims
exact text as granted — not AI-modified1 . A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
a KMS domain authority server layer including at least one KMS authority server configured to manage cryptographic keys for a first domain; and a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer, the at least one KMS root server being configured to communicate with applications and devices that make security requests to the system when there are no other layers in the system,
wherein, the layers are organized in a hierarchy such that each layer has a different security level.
2 . The system of claim 1 , wherein the system further comprises an intermediate KMS server layer including at least one KMS distribute server, the intermediate KMS server layer being linked to the root KMS server layer and wherein servers in at least one of the root KMS server layer and the intermediate KMS server layer are configured to communicate with applications and devices that make security requests to the system when there are no other layers in the system.
3 . The system of claim 2 , wherein the system further comprises a resolver KMS server layer including at least one KMS local server, the resolver KMS server layer being linked to the intermediate KMS server layer and wherein servers in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer are configured to communicate with applications and devices that make security requests to the system.
4 . The system of claim 1 , wherein the system further comprises a resolver KMS server layer including at least one KMS local server, the resolver KMS server layer being linked to the root KMS server layer and wherein servers in at least one of the root KMS server layer and the resolver KMS server layer are configured to communicate with applications and devices that make security requests to the system.
5 . The system of claim 3 , wherein the at least one KMS authority server is connected to the at least one KMS root server.
6 . The system of claim 3 , wherein the KMS domain authority server layer further comprises a KMS top level domain server connected to the at least one KMS authority server and the at least one KMS root server.
7 . The system of claim 2 , wherein the intermediate KMS server layer comprises at least two sub-layers having different security levels.
8 . The system of claim 3 , wherein the at least one KMS authority server contains all of the cryptographic keys required for authenticating devices and applications that are associated with the first domain, the at least one KMS root server contains a subset of the cryptographic keys contained by the at least one KMS authority server and the at least one KMS distribute server contains a subset of the cryptographic keys contained by the at least one KMS root server.
9 . The system of claim 3 , wherein each layer is assigned a different security level and wherein the KMS domain authority server layer is assigned a higher security level than the root KMS server layer, the root KMS server layer is assigned a higher security level than the intermediate KMS server layer, and the intermediate KMS server layer is assigned a higher security level than the resolver KMS server layer.
10 . The system of claim 3 , wherein the layers are configured to propagate each security request from the device or application to servers in successively higher layers until a server is located with the required information to facilitate the security request.
11 . The system of claim 10 , wherein at least one server in the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer is configured to cache information including at least one of queries, query results, cryptographic keys and cryptographic conversations based on a specified set of security levels for each domain.
12 . The system of claim 11 , wherein the at least one server in the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer is configured to respond to the security request if the at least one server contains a cached query result that corresponds to the security request or if the at least one server contains cryptographic information that corresponds to the security request and is configured to calculate a result based on the stored cryptographic information.
13 . The system of claim 3 , wherein at least one server in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer comprises a key store and is configured to perform computations required for a cryptographic conversation with the device or application.
14 . The system of claim 3 , wherein the at least one KMS local server is configured to resolve domain names associated with the at least one KMS authority server to obtain direct access to the at least one KMS authority server thereby creating a two-level hierarchy within the system.
15 . The system of claim 3 , wherein at least one server at a given layer is configured to implement a PUSH operation to send cryptographic information comprising at least one cryptographic key or at least one cryptographic conversation to at least one server in a lower layer in the system provided the at least one server at the lower layer has an appropriate security level to receive the cryptographic information.
16 . The system of claim 3 , wherein at least one server at a given layer beneath the KMS domain authority server layer is configured to implement a PULL operation to receive cryptographic information comprising at least one cryptographic key or at least one cryptographic conversation from at least one server in a higher layer in the system provided the at least one server at the given layer has an appropriate security level to receive the cryptographic information.
17 . The system of claim 1 , wherein the root KMS server layer comprises a set of KMS root servers.
18 . The system of claim 1 , wherein the system is used to provide cryptographic services for multiple domains and wherein at least one KMS authority server is associated with each domain.
19 . The system of claim 3 , wherein the first domain is a parent domain and the system comprises a subsystem associated with a child domain wherein the subsystem comprises a second KMS domain authority server layer, a second root KMS server layer, a second intermediate KMS server layer; and a second resolver KMS server layer and wherein a KMS root server of the second root KMS server layer is connected to a KMS distribute server of the intermediate KMS server layer associated with the parent domain, whereby the child domain is nestled within the parent domain.
20 . The system of claim 19 , wherein if any of the servers in the child domain cannot service the security request, the KMS root server in the child domain is configured to propagate the security request to KMS servers associated with the parent domain having a security level equal to or higher than the security level of the intermediate KMS server layer associated with the parent domain.
21 . The system of claim 1 , wherein the at least one KMS root server is connected to a KMS root server associated with a parent domain and if any of the servers in the first domain cannot service the security request, the at least one KMS root server in the first domain is configured to propagate the security request to the KMS root server associated with the parent domain and if the KMS root server associated with the parent domain cannot service the security request, the KMS root server associated with the parent domain is configured to propagate the request to a KMS root server associated with another domain.
22 . The system of claim 1 , wherein the servers in the system are configured to use one of a Hummingbird symmetric cipher, an Advanced Encryption Standard cipher, an Elliptic Curve Cryptographic cipher and an RSA encryption cipher.
23 . The system of claim 1 , wherein the servers in the system are configured to use any one of a symmetric cipher or an asymmetric cipher and a public cryptographic technique or a private cryptographic technique.
24 . The system of claim 1 , wherein the at least one KMS authority server comprises distribution access control lists that specify cryptographic information that can be shared with certain servers associated with other layers in the system or certain servers, devices or applications associated with other domains.
25 . The system of claim 24 , wherein when the distribution control lists comprise a distribution white list, all entities requesting data from the at least one authority server must be authenticated and on the distribution white list in order to receive the data.
26 . The system of claim 24 , wherein when the distribution control lists comprise a distribution black list, all entities requesting data from the at least one authority server must be authenticated and not on the distribution black list in order to receive the data.
27 . The system of claim 3 , wherein the at least one KMS local server is configured to provide resolve services using at least one of a Domain Name System (DNS) and a Secure Domain Name System (DNSSEC).
28 . The system of claim 1 , wherein portions of cryptographic conversations are transmitted between the layers of the system to anonymously authenticate the device that makes the security request.
29 . A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
a KMS domain authority server layer including at least one KMS authority server configured to manage cryptographic keys for a domain; a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer; an intermediate KMS server layer including at least one KMS distribute server, the intermediate KMS server layer being linked to the root KMS server layer; and a resolver KMS server layer including at least one KMS local server, the resolver KMS server layer being linked to the intermediate KMS server layer,
wherein servers in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer are configured to communicate with applications and devices that make security requests to the system, and
wherein at least one server in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer comprises a key store and is configured to perform computations required for a cryptographic conversation with the device or application to service the security request.
30 . A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
a KMS domain authority server layer including at least one KMS authority server configured to manage cryptographic keys for a first domain; a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer; an intermediate KMS server layer including at least one KMS distribute server, the intermediate KMS server layer being linked to the root KMS server layer; and a resolver KMS server layer including at least one KMS local server, the resolver KMS server layer being linked to the intermediate KMS server layer,
wherein servers in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer are configured to communicate with applications and devices that make security requests to the system, and
wherein the at least one KMS root server is configured to propagate the security request to a KMS root server or a KMS distribute server associated with a different system of another domain thereby allowing the system to authenticate and securely communicate with devices or applications associated with different domains.
31 . A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
a KMS domain authority server layer including a plurality of KMS authority servers, each KMS domain authority server being configured to manage cryptographic keys for different domains; a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer; an intermediate KMS server layer including at least one KMS distribute server, the intermediate KMS server layer being linked to the root KMS server layer; and a resolver KMS server layer including at least one KMS local server, the resolver KMS server layer being linked to the intermediate KMS server layer,
wherein servers in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer are configured to communicate with applications and devices that make security requests to the system, and
wherein the security requests are propagated to the KMS domain authority server of the domain associated with the device or application in order to provide authentication and distribution of at least one of cryptographic keys and cryptographic conversations between two or more of the different domains.
32 . A method for the provision of cryptographic key management services (KMS) in a system, wherein the method comprises:
associating at least one KMS authority server with a KMS domain authority server layer having a first security level; configuring the at least one KMS authority server to manage cryptographic keys for a first domain; associating at least one KMS root server with a root KMS server layer having a second security level; linking the root KMS server layer to the authority KMS server layer; and configuring the at least one KMS root server to communicate with applications and devices that make security requests to the system when there are no other layers in the system.
33 . The method of claim 32 , wherein the method further comprises:
associating at least one KMS distribute server with an intermediate KMS server layer; linking the intermediate KMS server layer to the root KMS server layer; and configuring the servers in at least one of the root KMS server layer and the intermediate KMS server layer to communicate with applications and devices that make security requests to the system when there are no other layers in the system.
34 . The method of claim 33 , wherein the method further comprises:
associating at least one KMS local server with a resolver KMS server layer; linking the resolver KMS server layer to the intermediate KMS server layer; and configuring the servers in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer to communicate with applications and devices that make security requests to the system.
35 . The method of claim 32 , wherein the method further comprises:
associating at least one KMS local server with a resolver KMS server layer; linking the resolver KMS server layer to the root KMS server layer; and configuring the servers in at least one of the root KMS server layer and the resolver KMS server layer to communicate with applications and devices that make security requests to the system.
36 . The method of claim 34 , wherein the method further comprises linking the at least one KMS authority server with the at least one KMS root server.
37 . The method of claim 34 , wherein the method further comprises associating a KMS top level domain server with the KMS domain authority server layer and linking the KMS top level domain server to the at least one KMS authority server and the at least one KMS root server.
38 . The method of claim 33 , wherein the method further comprises defining at least two sub-layers having different security levels in the intermediate KMS server layer.
39 . The method of claim 34 , wherein the method comprises:
providing the at least one KMS authority server with all of the cryptographic keys required for authenticating devices and applications that are associated with the first domain; providing the at least one KMS root server with a subset of the cryptographic keys contained by the at least one KMS authority server; and providing the at least one KMS distribute server with a subset of the cryptographic keys contained by the at least one KMS root server.
40 . The method of claim 34 , wherein the method further comprises assigning each layer a different security level and wherein the method comprises assigning the KMS domain authority server layer a higher security level than the root KMS server layer, assigning the root KMS server layer a higher security level than the intermediate KMS server layer, and assigning the intermediate KMS server layer a higher security level than the resolver KMS server layer.
41 . The method of claim 34 , wherein the method further comprises configuring the layers to propagate each security request from the device or application to servers in successively higher layers until a server is located with the required information to facilitate the security request.
42 . The method of claim 41 , wherein the method further comprises configuring at least one server in the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer to cache information including at least one of queries, query results, cryptographic keys and cryptographic conversations based on a specified set of security levels for each domain.
43 . The method of claim 42 , wherein the method further comprises configuring at least one server in the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer to respond to the security request if the at least one server contains a cached query result that corresponds to the security request or if the at least one server contains cryptographic information that corresponds to the security request and is configured to calculate a result based on the stored cryptographic information.
44 . The method of claim 34 , wherein the method further comprises providing a key store to at least one server in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer and configuring the at least one server with the key store to perform computations required for a cryptographic conversation with the device or application.
45 . The method of claim 34 , wherein the method further comprises configuring at least one KMS local server to resolve domain names associated with the at least one KMS authority server to obtain direct access to the at least one KMS authority server thereby creating a two-level hierarchy within the system.
46 . The method of claim 34 , wherein the method further comprises configuring at least one server at a given layer to implement a PUSH operation to send cryptographic information comprising at least one cryptographic key or at least one cryptographic conversation to at least one server in a lower layer in the system provided the at least one server at the lower layer has an appropriate security level to receive the cryptographic information.
47 . The method of claim 34 , wherein the method further comprises configuring at least one server at a given layer beneath the KMS domain authority server layer to implement a PULL operation to receive cryptographic information comprising at least one cryptographic key or at least one cryptographic conversation from at least one server in a higher layer in the system provided the at least one server at the given layer has an appropriate security level to receive the cryptographic information.
48 . The method of claim 32 , wherein the method comprises associating a set of KMS root servers in the root KMS server layer.
49 . The method of claim 32 , wherein the system is used to provide cryptographic services for multiple domains and the method further comprises associating at least one KMS authority server with each domain.
50 . The method of claim 34 , wherein the first domain is a parent domain and the method further comprises associating a subsystem with a child domain, associating a second KMS domain authority server layer, a second root KMS server layer, a second intermediate KMS server layer and a second resolver KMS server layer with the subsystem, and connecting a KMS root server of the second root KMS server layer to a KMS distribute server of the intermediate KMS server layer associated with the parent domain, whereby the child domain is nestled within the parent domain.
51 . The method of claim 50 , wherein if any of the servers in the child domain cannot service the security request, the method further comprises configuring the KMS root server in the child domain to propagate the security request to KMS servers associated with the parent domain having a security level equal to or higher than the security level of the intermediate KMS server layer associated with the parent domain.
52 . The method of claim 32 , wherein the at least one KMS root server is connected to a KMS root server associated with a parent domain and if any of the servers in the first domain cannot service the security request, the method further comprises configuring the at least one KMS root server in the first domain to propagate the security request to the KMS root server associated with the parent domain and if the KMS root server associated with the parent domain cannot service the security request, the method further comprises configuring the KMS root server associated with the parent domain to propagate the request to a KMS root server associated with another domain.
53 . The method of claim 32 , wherein the method further comprises configuring the servers in the system to use one of a Hummingbird symmetric cipher, an Advanced Encryption Standard cipher, an Elliptic Curve Cryptographic cipher and an RSA encryption cipher.
54 . The method of claim 32 , wherein the method further comprises configuring the servers in the system to use any one of a symmetric cipher or an asymmetric cipher and a public cryptographic technique or a private cryptographic technique.
55 . The method of claim 32 , wherein the method further comprises providing the at least one KMS authority server with distribution access control lists that specifies cryptographic information that can be shared with certain servers associated with other layers in the system or certain servers, devices or applications associated with other domains.
56 . The method of claim 55 , wherein when the distribution control lists comprise a distribution white list, the method further comprises requiring all entities requesting data from the at least one authority server to be authenticated and to be on the distribution white list in order to receive the data.
57 . The method of claim 55 , wherein when the distribution control lists comprise a distribution black list, the method further comprises requiring all entities requesting data from the at least one authority server to be authenticated and to not be on the distribution black list in order to receive the data.
58 . The method of claim 35 , wherein the method further comprises configuring the at least one KMS local server to provide resolve services using at least one of a Domain Name System (DNS) and a Secure Domain Name System (DNSSEC).
59 . The method of claim 32 , wherein the method further comprises transmitting portions of cryptographic conversations between the layers of the system to anonymously authenticate the device that makes the security request.
60 . A method of providing security services from a Key Management Services (KMS) system to a device requesting a service, wherein the method comprises:
sending a query from a server interface in the KMS system to the device; obtaining an initialization vector (iv) and a device vector (dv) from the device at the server interface; generating a Tag Authentication Request (TAR) packet at the server interface based on a unique session identifier (sid), a type code identifying a type of response expected, the iv, and the dv; and sending the TAR packet from the interface server to a KMS server at a higher level in the KMS system to obtain the requested service.
61 . The method of claim 60 , wherein the method further comprises generating a secure session identifier (ssid) at the server interface and including the ssid in the query and the TAR packet.
62 . The method of claim 60 , wherein the method further comprises:
creating a session record at the KMS server in response to the TAR packet using the sid as a reference; initiating a search of a key list at the KMS server using parameters in the TAR packet; and sending an affirmative authentication (AA) packet from the KMS server to the server interface if the search was successful and a matching key was found, the AA packet having a type based on the type code.
63 . The method of claim 62 , wherein the method further comprises generating the AA packet at the KMS server by:
generating a random challenge vector; generating a reader_rsp vector and a first tag_rsp vector as challenge response vectors using the matching key and a Hummingbird encryption algorithm initialized with the iv; and including the sid, the challenge vector, the reader_rsp vector, and the first tag_rsp vector in the AA packet.
64 . The method of claim 62 , wherein upon receiving the AA packet sent from the KMS server to the server interface, the method further comprises:
canceling a retry timer at the server interface if the retry timer was set when the TAR packet was sent by the server interface; and forwarding the challenge vector and reader_rsp vector from the server interface to the device.
65 . The method of claim 64 , wherein at the device the method further comprises:
generating a corresponding response vector using the challenge vector, the reader_rsp vector and a current encryption engine state at the device; comparing the corresponding response vector with the reader_rsp vector; and authenticating the server interface if the corresponding response vector and the reader_rsp vector match.
66 . The method of claim 65 , wherein the method further comprises:
generating a second tag_rsp vector based on the current state of the encryption engine at the device; transmitting the second tag_rsp vector from the device to the server interface; comparing the second tag_rsp vector from the device with the first tag_rsp vector received from the KMS server at the server interface; and authenticating the device at the server interface if the first and second tag_rsp vectors match.
67 . The method of claim 66 , wherein method further comprises beginning a command phase when the first and second tag_rsp vectors match.
68 . The method of claim 60 , wherein the method further comprises transmitting the TAR packet using an IPsec transport mode AH.
69 . The method of claim 62 , wherein the method further comprises transmitting the AA packet from the KMS server using an IPsec transport mode ESP packet.
70 . The method of claim 62 , wherein the method further comprises using an IPsec AH digest at the KMS server to authenticate the TAR packet.
71 . The method of claim 60 , wherein the method further comprises employing a Hummingbird encryption protocol.
72 . The method of claim 62 , wherein the method further comprises generating the AA packet at the KMS server by:
generating a session key from a series of cipher text values using the iv, the dv and the matching key; generating a random challenge vector; generating a reader_rsp vector and a first tag_rsp vector as challenge response vectors using the matching key and a Hummingbird encryption algorithm initialized with the iv; generating an encoded genSessionKey command using a Hummingbird decryption process; and including the sid, the challenge response vector, the reader_rsp vector, the first tag_rsp vector, the session key and the encoded genSessionKey command in the AA packet.
73 . The method of claim 72 , wherein upon receiving the AA packet sent from the KMS server to the server interface, the method further comprises:
canceling a retry timer at the server interface if the retry timer was set when the TAR packet was sent by the server interface; and forwarding the challenge vector and the reader_rsp vector from the server interface to the device.
74 . The method of claim 72 , wherein upon receiving the AA packet sent from the KMS server to the server interface, the method further comprising storing the session key at the server interface.
75 . The method of claim 73 , wherein at the device the method further comprises:
generating a corresponding response vector using the challenge vector, the reader_rsp vector and a current state of a first encryption engine at the device; comparing the corresponding response vector with the reader_rsp vector; and authenticating the server interface if the corresponding response vector and the reader_rsp vector match.
76 . The method of claim 75 , wherein the method further comprises:
generating a second tag_rsp vector based on the current state of the first encryption engine at the device; transmitting the second tag_rsp vector from the device to the server interface; comparing the second tag_rsp vector from the device with the first tag_rsp vector received from the KMS server at the server interface; and authenticating the device at the server interface if the first and second tag_rsp vectors match.
77 . The method of claim 76 , wherein the method further comprises:
sending the encoded genSessionKey command from the server interface to the device; decoding the encoded genSessionKey command at the device using a current state of a Hummingbird encryption engine at the device; generating a second session key from a series of cipher text values at the device wherein the second session key matches the session key generated by the KMS server; and loading the second session key into the Hummingbird encryption engine at the device and initializing the Hummingbird encryption engine using the iv to ready the device for subsequent data transformations.
78 . The method of claim 77 , wherein method further comprises loading an encryption engine at the server interface with the session key from the AA packet and initializing the encryption engine using the iv from the session record.
79 . The method of claim 78 , wherein the method further comprises using a current state of the encryption engine at the device to generate a first session key check vector and sending the first session key check vector to the server interface.
80 . The method of claim 79 , wherein the method further comprises:
using a current state of a second encryption engine at the server interface to generate a second session key check vector using a procedure similar to that used by the device; comparing the second session key check vector with the first session key check vector received from the device at the server interface; and validating the device if the first and second session key check vectors match.
81 . The method of claim 80 , wherein the method further comprises beginning a command phase when the first and second session key check vectors match.
82 . The method of claim 62 , wherein the method further comprises:
generating a first session key from a series of cipher text values at the device without reinitializing a first encryption engine at the device; and loading the first session key into the first encryption engine at the device and initializing the first encryption engine using the iv to prepare the device for subsequent data transformations.
83 . The method of claim 82 , wherein the method further comprises generating the AA packet at the KMS server by:
generating a second session key from a series of cipher text values using the iv, the dv and the matching key, the second session key matches the first session key generated by the device; and including the sid and the second session key in the AA packet.
84 . The method of claim 83 , wherein upon receiving the AA packet sent from the KMS server to the server interface, the method further comprises:
canceling a retry timer at the server interface if the retry timer was set when the TAR packet was sent by the server interface; loading a second encryption engine at the server interface with the second session key; initializing the second encryption engine using the iv from the session record; generating a random challenge vector at the server interface; generating a reader_rsp vector as a challenge response vector at the server interface using a Hummingbird encryption algorithm; and sending the challenge vector and the reader_rsp vector from the server interface to the device.
85 . The method of claim 84 , wherein upon receiving the AA packet sent from the KMS server to the server interface, the method further comprising storing the session key at the server interface.
86 . The method of claim 84 , wherein at the device the method further comprises:
generating a corresponding response vector using the challenge vector, the reader_rsp vector and the current state of the first encryption engine at the device; comparing the corresponding response vector with the reader_rsp vector; and authenticating the server interface if the corresponding response vector and the reader_rsp vector match.
87 . The method of claim 86 , wherein the method further comprises:
generating a first tag_rsp vector based on the current state of the first encryption engine at the device; transmitting the first tag_rsp vector from the device to the server interface; generating a second tag_rsp vector at the server interface; comparing the first tag_rsp vector from the device with the second tag_rsp vector; and authenticating the device at the server interface if the first and second tag_rsp vectors match.
88 . The method of claim 87 , wherein the method further comprises beginning a command phase when the first and second session key check vectors match.
89 . The method of claim 62 , wherein the method further comprises generating the AA packet at the KMS server by:
generating a first session key from a series of cipher text values using the iv, the dv and the matching key; generating a random challenge vector; generating a reader_rsp vector and a first tag_rsp vector as challenge response vectors using the matching key and a Hummingbird encryption algorithm initialized with the iv; formatting a setSessionKey tag command containing the first session key as a parameter; encoding the setSessionkey tag command using a preserved state of the Hummingbird encryption algorithm and a Hummingbird decryption algorithm; and including the sid, the challenge vector, the reader_rsp vector, the first tag_rsp vector, the first session key and the encoded setSessionKey tag command in the AA packet.
90 . The method of claim 89 , wherein upon receiving the AA packet sent from the KMS server to the server interface, the method further comprises:
canceling a retry timer at the server interface if the retry timer was set when the TAR packet was sent by the server interface; and forwarding the challenge vector and the reader_rsp vector from the server interface to the device.
91 . The method of claim 90 , wherein at the device the method further comprises:
generating a corresponding response vector using the challenge vector, the reader_rsp vector and the current state of a first encryption engine at the device; comparing the corresponding response vector with the reader_rsp vector; and authenticating the server interface if the corresponding response vector and the reader_rsp vector match.
92 . The method of claim 91 , wherein the method further comprises:
generating a second tag_rsp vector based on the current state of the first encryption engine at the device; transmitting the second tag_rsp vector from the device to the server interface; generating a third tag_rsp vector at the server interface; comparing the second tag_rsp vector from the device with the third tag_rsp vector at the server interface; and authenticating the device at the server interface if the second and third tag_rsp vectors match.
93 . The method of claim 92 , wherein the method further comprises sending the encoded setSessionKey tag command from the server interface to the device if the second and third tag_rsp vectors match.
94 . The method of claim 93 , wherein the method further comprises:
encrypting the encoded setSessionKey tag command at the device which causes decoding of the command and the session key contained therein; and executing the setSessionKey tag command at the device by loading the session key into a Hummingbird encryption engine at the device and initializing the engine using the iv.
95 . The method of claim 94 , wherein the method further comprises:
loading the session key into a Hummingbird encryption/decryption engine at the device; initializing the Hummingbird encryption/decryption engine at the server interface using the iv that was previously stored in the session record; using a current state of the encryption engine at the device to generate a first session key check vector and sending the first session key check vector to the server interface; using a current state of the encryption engine at the server interface to generate a second session key check vector using a similar procedure as was used by the device; comparing the first and second session key check vectors; and validating the device if the first and second key check vectors match.
96 . The method of claim 95 , wherein the method further comprises beginning a command phase when the first and second session key check vectors match.
97 . The method of claim 62 , wherein the method further comprises generating the AA packet at the KMS server by including the sid and the matching key which is a secret key of the device.
98 . The method of claim 97 , wherein upon receiving the AA packet sent from the KMS server to the server interface, the method further comprises:
canceling a retry timer at the server interface if the retry timer was set when the TAR packet was sent by the server interface; storing the secret key in a session record referenced by the sid; loading a first encryption engine at the server interface with the secret key; initializing the first encryption engine using the iv from the session record; generating a random challenge vector at the server interface; generating a reader_rsp vector as a challenge response vector at the server interface using a Hummingbird encryption algorithm; and sending the challenge vector and the reader_rsp vector from the server interface to the device.
99 . The method of claim 98 , wherein at the device the method further comprises:
generating a corresponding response vector using the challenge vector, the reader_rsp vector and a current state of the encryption engine at the device; comparing the corresponding response vector with the reader_rsp vector; and authenticating the server interface if the corresponding response vector and the reader_rsp vector match.
100 . The method of claim 99 , wherein the method further comprises:
generating a first tag_rsp vector based on a current encryption engine state at the device; transmitting the first tag_rsp vector from the device to the server interface; generating a second tag_rsp vector at the server interface; comparing the first tag_rsp vector from the device with the second tag_rsp vector; and authenticating the device at the server interface if the first and second tag_rsp vectors match.
101 . The method of claim 100 , wherein the method further comprises beginning a command phase when the first and second session key check vectors match.
102 . The method of claim 60 , wherein the KMS server is an intermediate KMS server and the method further comprises:
creating a session record at the intermediate KMS server in response to the TAR packet using the sid as a reference; initiating a search of a first key list at the intermediate KMS server using parameters in the TAR packet; and propagating the TAR packet to a root KMS server if the search fails.
103 . The method of claim 102 , wherein the method further comprises:
creating a second session record at the root KMS server in response to the TAR packet using the sid as a reference; initiating a search of a second key list at the root KMS server using the parameters in the TAR packet; and propagating the TAR packet to an authority KMS server if the search fails.
104 . The method of claim 103 , wherein the method further comprises:
creating a third session record at the authority KMS server in response to the TAR packet using the sid as a reference; initiating a search of a third key list at the authority KMS server using the parameters in the TAR packet; and sending an affirmative authentication (AA) packet to the root KMS server if the search was successful and a matching key was found, the AA packet having a type based on the type code.
105 . The method of claim 104 , wherein the method further comprises generating the AA packet at the authority KMS server by including the sid, and the matching key in the AA packet, wherein the matching key is the secret key of the device.
106 . The method of claim 105 , wherein upon receiving the AA packet sent from the authority KMS server to the root KMS server, the method further comprises at the root KMS server:
canceling a first retry timer at the root KMS server if the retry timer was set when the TAR packet was sent by the root KMS server; storing the secret key at the root KMS server if the root KMS server is a caching server; and transmitting the AA packet to the intermediate KMS server.
107 . The method of claim 106 , wherein upon receiving the AA packet sent from the root KMS server to the intermediate KMS server, the method further comprises at the intermediate KMS server:
canceling a second retry timer at the intermediate KMS server if the second retry timer was set when the TAR packet was sent by the intermediate KMS server; storing the secret key at the intermediate KMS server if the intermediate KMS server is a caching server; generating a session key from a series of cipher text values using the iv, the dv and the matching key; generating a random challenge vector; generating a reader_rsp vector and a tag_rsp vector as challenge response vectors using the matching key and a Hummingbird encryption algorithm initialized with the iv; formatting a setSessionKey tag command containing the session key as a parameter; encoding the setSessionkey tag command using a preserved state of the Hummingbird encryption algorithm and a Hummingbird decryption algorithm; including the sid, the challenge vector, the reader_rsp vector, the tag_rsp vector, the first session key and the encoded setSessionKey tag command in a second AA packet; and sending the second AA packet to the server interface.
108 . The method of claim 102 , wherein the method further comprises:
creating a second session record at the root KMS server in response to the TAR packet using the sid as a reference; initiating a search of a second key list at the root KMS server using the parameters in the TAR packet; and sending a negative acknowledge packet to the intermediate KMS server since the root KMS server is an authoritative KMS server for this domain and is unable to find a matching key.
109 . The method of claim 108 , wherein the method further comprises:
consulting a list of alternate domains at the intermediate KMS server to check with for authorization; and sending the TAR packet to a second authority KMS server in the list of alternate domains to attempt for authentication when the negative acknowledge packet is received at the intermediate KMS server.
110 . The method of claim 109 , wherein the method further comprises:
generating a third session record at the second authority KMS server in response to the TAR packet using the sid as a reference; initiating a search of a third key list at the second authority KMS server using the parameters in the TAR packet; and sending an affirmative authentication (AA) packet to the intermediate KMS server if the search was successful and a matching key was found, the AA packet having a type based on the type code.
111 . The method of claim 110 , wherein the method further comprises generating the AA packet at the second authority KMS server by including the sid, and the matching key in the AA packet, wherein the matching key is the secret key of the device.
112 . The method of claim 111 , wherein upon receiving the AA packet sent from the second authority KMS server to the intermediate KMS server, the method further comprises at the intermediate KMS server:
canceling a retry timer at the intermediate KMS server if the retry timer was set when the TAR packet was sent by the intermediate KMS server; storing the secret key if the intermediate KMS server is a caching server; generating a session key from a series of cipher text values using the iv, the dv and the matching key; generating a random challenge vector; generating a reader_rsp vector and a tag_rsp vector as challenge response vectors using the matching key and a Hummingbird encryption algorithm initialized with the iv; formatting a setSessionKey tag command containing the session key as a parameter; encoding the setSessionkey tag command using a preserved state of the Hummingbird encryption algorithm and a Hummingbird decryption algorithm; including the sid, the challenge vector, the reader_rsp vector, the tag_rsp vector, the session key and the encoded setSessionKey tag command in a second AA packet; and sending the second AA packet to the server interface.
113 . The method of claim 60 , wherein the method further comprises:
generating a random challenge vector, a reader_rsp response vector and a first tag_rsp response vector at the KMS server using a matching key that corresponds to the device; generating a corresponding response vector and a second tag_rsp vector at the device; comparing the corresponding response vector with the reader_rsp vector at the device to authenticate the server interface; and comparing the second tag_rsp vector and the first tag_rsp vector at the server interface to authenticate the device.
114 . The method of claim 113 , wherein the method further comprises:
generating a session key and an encoded genSessionKey command at the KMS server using the matching key; decoding the encoded genSessionKey command at the device to generate a second session key at the device; generating a first session key check vector at the device; generating a second session key check vector at the server interface; and validating the device at the server interface if the first and second session key check vectors match.
115 . The method of claim 60 , wherein the method further comprises:
generating a first session key at the device; generating a second session key at the KMS server using a matching key that corresponds to the device; generating a random challenge vector, a reader_rsp response vector and a first tag_rsp response vector based on the second session key at the server interface; generating a corresponding response vector and a second tag_rsp vector at the device based on the first session key; comparing the corresponding response vector with the reader_rsp vector at the device to authenticate the server interface; and comparing the second tag_rsp vector and the first tag_rsp vector at the server interface to authenticate the device.
116 . The method of claim 113 , wherein the method further comprises:
generating a session key and an encoded setSessionKey command at the KMS server using the matching key; decoding the encoded setSessionKey command at the device to generate a second session key at the device; generating a first session key check vector at the device; generating a second session key check vector at the server interface; and validating the device at the server interface if the first and second session key check vectors match.
117 . The method of claim 60 , wherein the method further comprises:
sending the matching key that corresponds to the device from the KMS server to the server interface; generating a random challenge vector, a reader_rsp response vector and a first tag_rsp response vector based on the matching key at the server interface; generating a corresponding response vector and a second tag_rsp vector at the device based on the challenge vector; comparing the corresponding response vector with the reader_rsp vector at the device to authenticate the server interface; and comparing the second tag_rsp vector and the first tag_rsp vector at the server interface to authenticate the device.
118 . The method of claim 60 , wherein the method further comprises:
sending the TAR packet along a path to successively higher security level KMS servers according to a hierarchy of the KMS system until a matching key is found that corresponds to the device; generating an affirmative authentication packet at the higher security level KMS server at which the matching key was located; and propagating the affirmative authentication packet along the path to the server interface.
119 . The method of claim 60 , wherein the method further comprises:
sending the TAR packet to a higher security level KMS server to locate a matching key that corresponds to the device; consulting a list of alternate domains if a negative acknowledge packet is received from the higher security level KMS server in order to identify a KMS server in an alternate domain; sending the TAR packet to the KMS server in the alternate domain to locate the matching key; and repeatedly performing the consulting and sending steps until the matching key is located or every KMS server in the list of alternate domains has been checked.
120 . The method of claim 119 , wherein the method further comprises:
generating an affirmative authentication packet at the KMS server in the list of alternate domains if the matching key is located; and sending the affirmative authentication packet to the server interface if the matching key is located.
121 . The method of claim 60 , wherein the method comprises using a KMS local server, a KMS distribute server or a KMS root server as the server interface.
122 . A computer readable medium comprising a plurality of instructions executable on a processor of an electronic device for adapting the electronic device to implement a method of providing cryptographic key management servers (KMS) in a system wherein the method is defined according to claim 60 .Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.